Security Tips for e-Services

Security Tips for e-Services

Online security of
our e-Services has always been Wing Lung Bank (“the Bank”)’s prime
concern. A safe and secure system does not only ensure confidentiality of customers'
information but more importantly, prevent unauthorized operation of customers'
bank account. Apart from the security measures implemented by the Bank, you are also
responsible to play an equally important role in safeguarding your personal account
information. As such, important guidelines are summarized in this section for your
reference. You are highly recommended to incorporate these guidelines into your habit
when handling your personal account information.

If you suspect any unauthorized
use or abnormal transactions related to your e-Services account, you should contact
the Bank by calling our Customer Services Hotline at (852) 230 95555 or Wing Lung
Credit Card Centre 24-hour Hotline at (852) 3711 7900 to request for suspension of
related e-Services.

(4) Two-Factor Authentication

As part of our on-going commitment
for improving online security and protecting you, we are delighted to present you
with two-factor authentication technology “Security Token”, which aims
to ensure a higher level of security for Wing Lung NET Banking / Wing Lung Mobile
Banking Services.If customers choose to logon WLB Wintech without security token,
the account may not be able to avoid the risk of unauthorized third party access effectively,
including but not limited to unauthorized securities transactions.

Two-factor
authentication uses a combination of two different factors, something you know (e.g.
logon ID and Password) plus something you have (e.g. digital certificate, Security
Token or mobile phone) for verifying a user's identity. The Security Token offers
a higher degree of protection from a large variety of online threats, including phishing,
key-logging / Trojans, shoulder surfing and screen capturing.

What is One-Time Password?

One-Time Password (OTP)
is a single-use, time-sensitive Security Code. It is used to authenticate the identity
of customers of Wing Lung NET Banking / Wing Lung Mobile Banking Services.

How to use the Security Token?

The use of Security
Token is simple and convenient. When logging on Wing Lung NET Banking / Wing Lung
Mobile Banking Services, you have to press the Security Token button once and enter
the 6-digit OTP generated by the Security Token, in addition to your logon ID and
password for completing the logon procedures. For certain transactions, you are required
to enter OTP or “Transaction Signing Verification Code” for transaction
confirmation. With the Two-Factor Authentication, your financial information is securely
protected.

Remark: Each OTP will be valid for a short time interval. If the
time permitted for the entry of the OTP expires, simply press the button on your Security
Token to generate another OTP and enter the new OTP.

If you have received
a Security Token, please follow the steps to activate the Security Token via Wing Lung
NET Banking Services.

What should I do for the daily
maintenance of the Security Token?

All customers of Wing Lung NET Banking
/ Wing Lung Mobile Banking Services will receive their first Security Token free of
charge. Replacements of lost or damaged Security Token will be subject to a handling
fee. For further assistance in maintaining the operability of your Security Token,
please follow the guidelines below.

Do not drop your Security Token from heights, step on it, or physically
stress the Security Token. Your Security Token has been designed to tolerate the normal
day-to-day stress levels associated with daily handling. The Security Token will be
damaged if exposed to abnormal conditions.

Do not open your Security Token.
Your Security Token has several tamper proof features. Opening the Token, removing
the battery or circuit board, etc. will cause the malfunction of the Security Token.

What if my Security Token is not functioning or lost?

If the Security Token is malfunctioned
or its battery is running low (the word "BATT" is shown), you may visit
any of our branches to request for replacement.

If the Security Token is
malfunctioned or its battery is running low (the word "BATT" is shown),
you may visit any of our branches to request for replacement.

Upon obtaining
a new Security Token, you should logon to Wing Lung NET Banking Services to activate
the new Security Token following the instructions.

If you are abroad and
unable to visit the Bank for replacement of the Security Token, or should you have
any enquiries, please contact us at (852) 230 95555.

Remarks:

Customer
will be liable for all losses if customer has failed to inform the Bank as soon as
reasonably practicable after having found that the Security Token has been lost or
stolen.

Customer has to return the Security Token to the Bank upon termination
of Wing Lung NET Banking / Wing Lung Mobile Banking Services, or otherwise, the Bank
has reserved the right to collect a handling fee from the customer.

How to safeguard my Security Token?

Keep
your Security Token in a secure place and never leave it unattended or lend it to
others.

Never personalize your Security Token, such as logon ID or password
for identification purposes. Ensure to store your password and Security Token separately.

(5) Logon and Logoff

In
order to ensure browsing the genuine website of the Bank, it is suggested to open
a browser and type the bank website address (www.winglungbank.com) yourself to logon Wing Lung NET Banking
/ Wing Lung Mobile Banking Services and bookmark the website address in the browser
for future use; or follow the Bank’s announced method to logon Wing Lung NET
Banking / Wing Lung Mobile Banking Services (e.g. mobile app).

Beware of
any unusual login screen or process (e.g. a suspicious pop-up window or request for
providing additional personal information which is not necessary) and whether anyone
is trying to peek at your password. Log out immediately after use.

Ensure
that the logon ID and password you input cannot be viewed by others.

Check
your last logon time when you have access to Wing Lung NET Banking / Wing Lung Mobile
Banking Services.

(6) Encryption Function & e-Certificate

When
you are connecting or have connected to Wing Lung NET Banking / Wing Lung Mobile Banking
Services, ensure that the "lock" icon on the browser is always in secure
mode and then double click or left click the "lock" icon to verify the information
on the e-Certificate.

Secure
Mode

Non-secure Mode

Wing
Lung NET Banking Services

No icon

Wing Lung Mobile
Banking Services

No icon

Wing Lung Bank
has been using the latest encryption security measure with the adoption of EV TLS
Certificate (Extended Verification TLS Certificate). When using Microsoft Internet
Explorer 7.0 or above to logon to Wing Lung NET Banking / Wing Lung Mobile Banking
Services, URL address bar will turn into green color and the name of the certificate
owner will be displayed as Wing Lung Bank Ltd. This indicates the identity of the
site is successfully verified. By pressing the URL address bar or secured lock icon,
you can verify the Internet security certificate information including validity and
information below while the display format varies for different browsers.

Wing Lung NET Banking
Services

Issued to: www.winglungbank.com

Issued by: Symantec
Class 3 Extended Validation SSL SGC CA

Wing Lung NET Securities Services

Issued
to: www.winglungsec.com

Issued by: Symantec Class 3 Extended Validation SSL
SGC CA

Wing Lung Mobile Banking Services

Issued to: m.winglungbank.com

Issued by: Symantec Class
3 Extended Validation SSL SGC CA

(7)
Other Appropriate Preventive Measures

Operating System Configuration / Software Installation

Turn off remote access control
features to prevent unauthorized access to your computer.

Disable file and
print option sharing features to prevent the access of your personal information by
unauthorized persons.

Never install software from unknown sources.

Never
use any jailbreak or rooted mobile device which may have security loopholes to logon
to Wing Lung NET Banking / Wing Lung Mobile Banking Services.

Keep the operating
system of your mobile device and app up-to-date.

Do not register other’s
biometrics record in the device for authentication purpose.

Do not authorize
any unnecessary access permission when installing software / apps.

Browser Settings

Use
the latest recommended internet browser.

Do not use a browser in beta version.

Use
the browser that supports TLS or above.

Clear any "cache" and
"history" to prevent unauthorized access to the temporary files stored in
your computer / mobile, which may contain your account information

Disabling the "Auto-complete" Feature

The
"auto-complete" feature will automatically complete the entries of web address,
form, logon ID and password with values from previous input.

When you use this
function during the logon process with your computer / mobile, your logon ID and password
will be recorded and stored for future auto completion. Since this function auto-completes
your logon ID and password, unauthorized person can also logon to Wing Lung NET Banking
/ Wing Lung Mobile Banking Services with your computer / mobile. To keep information
confidential, the auto-complete function should always be disabled.

ActiveX Controls

An ActiveX control is a type of program
that can take complete control of your computer. Data in your computer system may
be deleted if you download an ActiveX control from a web site without ensuring its
details and source.Before downloading an ActiveX control, you should:

Set
your browser safety level to medium or above to enhance security.

Make sure
that the source of the program is from a known publisher.

Read the information
provided on the security certificate to ensure that it is the correct control.

Read
any pre-installed document and make sure that you understand the impact of such installation.

Never
download the ActiveX control if you have doubts about its source, content and impact
on your system.

Disabling the "File
and Printer Sharing" Feature on Your Operating System

Disable
the "File and Printer Sharing" feature of your operating system to prevent
illegal control or access to your computer.

In cases of email scam, the
fraudsters usually hack into the victim's email account and check the victim's
business correspondence with business partners. They then send an email to the victim
using the same or similar email account of his business partner and claim that the
payment bank account has been changed. They will also further request the victim to
deposit the payment for goods into the fraudster's designated bank account. If
you receive any suspicious emails, you should confirm the identity of the purported
business partners or the authenticity of the requests by means of telephone before
remittance so as to prevent from being deceived.

Click here to download the form "Customer Information Amendment
Form" and then return the completed form in person or by mail to any of our branches
for processing.

Dial our Customer Services Hotline (852) 230 95555 and
press 7>8>1 after selecting language and enter your facsimile number to request
for the form "Customer Information Amendment Form". Then return the completed
form in person or by mail to any of our branches for processing

Regular
review and follow security tips published by us to keep yourself updated about the
latest security issues.

Before
performing “Wing Lung NET Banking / Wing Lung Mobile Banking Services Suspension”,
you should prepare for the following information:

Your
last logon time.

Print / capture related screen.

(9) Man-In-The-Browser Attack

Note
for an online threat known as a Man-In-The-Browser (MITB) attack, where an attacker
takes control over a customer's connection and transmits counterfeit screens to
the customer in attempt to capture and manipulate customer data.

A common
MITB attack scenario involves the attacker taking control over a customer's login
session. The attacker sends screens similar to the online banking screens requesting
the customer to wait while their details are being verified. During the period, the
attacker would initiate a request for adding payee or updating personal information.
An SMS containing an OTP is sent to the customer's mobile phone as part of the
process. More counterfeit screens are sent to the customer to prompt the customer
to key in the OTP in order for the attacker to proceed with payee addition and / or
personal information update.

Do not proceed if you notice an unusual screen
or message during your login session to Wing Lung NET Banking / Wing Lung Mobile Banking
Services.

Do not act on a mobile SMS with OTP that you have not requested
for.

(10) More Security Information

To
know more about the security issue of e-Services, please click the following links: